Thin clients are typically configured to restrict the type of operations that can be performed by a non-administrator user. For example, a thin client operating system may not allow a non-administrator user to change desktop, mouse or keyboard settings or to enable access to USB peripheral devices. Instead, the non-administrator user will typically be required to contact the IT helpdesk to request that an administrator log in to the thin client with admin credentials and make the desired changes. Oftentimes it may also be necessary to perform a number of reboots when making such changes. This will result in substantial downtime and extra work for the administrators.
In some environments where an administrator may not be able to physically visit the thin client or log in remotely, it may be required to share the admin credentials with the non-administrator user to allow the user to make the desired changes. This sharing of admin credentials would defeat the purpose of restricting the type of operations that a non-administrator can perform.
In some cases, after an administrator has made a change to grant access to an otherwise restricted resource or feature, it will be necessary for the administrator to revoke the access privileges. Otherwise, the non-administrator would retain the elevated privileges indefinitely. However, it is possible that the administrator will forget to return to the thin client to revert the settings to their default configurations. For example, a user may need temporary access to USB ports in order to download a file to a flash drive. In such a situation, the administrator could reconfigure the user's thin client to allow access to the USB ports with the intention of returning 30 minutes later to revoke the access. If the administrator happens to forget, the user will retain access to the USB ports indefinitely thereby creating a security risk.